Sponsored by..

Thursday 3 July 2008

Asprox domains: 3/7/08 and ngg.js

The Asprox domains used in the current round of SQL Injection attacks have shifted again, the ones to check for or block are:

  • adwadb.mobi
  • allocbn.mobi
  • canclvr.com
  • catdbw.mobi
  • ktrcom.com
  • lokriet.com
  • mainbvd.com
  • portwbr.com
  • stiwdd.com
  • testwvr.com
  • upcomd.com
  • ucomddv.com
The malicious javascript file has also changed to ngg.js (usually it is b.js or m.js or similar). If you're using Google Alerts or similar to monitor your own site or sites of interest, you might want to change the search string to something like "script src=http:" .js site:oceanic-air.com (replace the domain name with the site you want to monitor).

No comments: